Stalled at the intersection of dev ops and security v2

The majority of enterprises are very concerned about the security of the software they develop, but how can they secure that software without slowing down their velocity - or, put another way, how can they move past being stalled at the intersection of DevOps and Security? With this in mind, we explore the qualities of a security scanning tool that is "plug-and-play" with a modern DevOps shop.

Published in: Software

  1. STALLED AT THE INTERSECTION OF DEVOPS AND SECURITY. Matthew Barker, Technical Director, Sonatype
  2. WHAT WE HAVE!
  3. WHAT WE REALLY NEED!
  4. WHY ARE WE STALLED: SOFTWARE DEVELOPMENT MOVES FASTER THAN SECURITY. Explosive use of components; Agile and DevOps; enterprise scale; use of complex frameworks
  5. WE TAKE SECURITY SERIOUSLY!
  6. WHY ARE WE STALLED: ARE WE SERIOUS ABOUT SECURITY? Card Skimmers (9%); Insider Misuse (8%); Crimeware (4%); DoS Attacks (1%). See the problem?
  7. ARE WE SECURING OUR SOFTWARE SUPPLY CHAIN?
  8. COST OF ASSESSING VULNERABILITIES LATE IN SLC
  9. SOME RECENT APPLICATION ATTACKS
  10. WHAT IS NEEDED: HOW DO WE MOVE TO THE DEVOPS-SECURITY ACCELERATED INTERSECTION? Fast and continuous; accurate; integrates into modern DevOps tools; scalable; policy driven; manages supply chain; prioritizes vulnerabilities
  11. A CONTINUOUS APPROACH (component selection from public repositories, development, build and deploy, production): precisely identify components and risks; remediate early in development; automate policy across the SLC; manage risk across the entire portfolio; continuously monitor for new risks
  12. A Modern Security Scanning Architecture: modern component data service (fast, up to date, and accurate); command line scanner with return value; real-time policy check; email alerts; includes production monitoring; API; policy server with stored analysis
  13. QUESTIONS? Matthew Barker, mbarker@sonatype.com, 505-239-4008
